Clickjacking (also known as user-interface or UI redressing and IFRAME overlay) is an exploit in which malicious code is hidden beneath apparently legitimate buttons or other clickable content on a website.
Example: A visitor to a site thinks he is clicking a button to close a window; instead, clicking the "X" button prompts the computer to download a Trojan horse, transfer money from a bank account or turn on the computer's built-in microphone. The host website may be a legitimate site that has been hacked or a spoofed version of some well-known site. The attacker tricks users into visiting the site through links online or in email messages.
Suppose I am using an iframe on my site for some reason. I want to secure it so that no one can hack it using the clickjacking technique by loading his content instead of mine.
Suppose the design uses an iframe whose id is ifShow. Then just copy and paste the code below to prevent clickjacking on the site.
<script type="text/javascript" language="Javascript">
function Check() {
    try {
        // The page is loaded inside a frame: break out to the top-level window.
        if (window.top !== window.self) {
            window.top.location = window.self.location;
            return;
        }
        // The top-level host differs from ours. Reading window.top.location
        // throws when the framing page is cross-origin; the catch block handles that.
        if (window.top.location.host != window.self.location.host) {
            window.top.location = window.self.location;
            return;
        }
        // Our own iframe (id ifShow) must point at our own host.
        var domain = document.getElementById('ifShow').src
            .replace('http://', '').replace('https://', '')
            .split(/[/?#]/)[0];
        if (window.self.location.host != domain) {
            window.top.location = window.self.location;
            return;
        }
    } catch (ex) {
        // Cross-origin access to window.top threw: assume we are framed.
        window.top.location = window.self.location; /* everyone else */
    }
}
setInterval(Check, 1000);
Check();
</script>
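The decision logic of the script above, as an added example that is not code from the original post: the three checks are factored into a pure function that runs outside a browser on a constructed `ctx` object (a stand-in for `window.top`, `window.self` and the iframe's `src`), the hostname parsing uses the WHATWG `URL` class instead of string replacement, and `antiFramingHeaders` builds the response headers (X-Frame-Options, CSP `frame-ancestors` and `frame-src`) that enforce the same two rules in the browser before any script runs. All names and the sample hosts are assumptions for this example.

```javascript
// Added example (not from the original post). `ctx` is a constructed stand-in
// for browser state: { isTop, topHost, selfHost, iframeSrc }. topHost is null
// when the browser refused cross-origin access to window.top.location, which is
// the situation the snippet's catch block handles.
function shouldBreakOut(ctx) {
  if (!ctx.isTop) return true;                    // framed at all: bust out
  if (ctx.topHost === null) return true;          // cross-origin top: treat as framed
  if (ctx.topHost !== ctx.selfHost) return true;  // framed by another host
  // Third rule: the page's own iframe must point at the page's own host.
  return iframeHost(ctx.iframeSrc, ctx.selfHost) !== ctx.selfHost;
}

// Replacement for the replace()/split() parsing in the snippet. Resolves
// relative and protocol-relative src values against the page's origin and
// returns hostname plus explicit port, the same shape as location.host.
function iframeHost(src, selfHost) {
  try {
    return new URL(src, 'https://' + selfHost + '/').host;
  } catch (e) {
    return null; // unparsable src: never equal to our host, so it is rejected
  }
}

// Server-side counterpart: headers the page should be served with.
// frame-ancestors 'none' / DENY forbids being framed (rules one and two);
// frame-src limits what the page's own iframes may load (rule three).
function antiFramingHeaders(frameSources = ["'self'"]) {
  return {
    'X-Frame-Options': 'DENY',
    'Content-Security-Policy':
      "frame-ancestors 'none'; frame-src " + frameSources.join(' '),
  };
}

// Constructed sample states, hosts are placeholders.
const framedByOther = { isTop: false, topHost: null, selfHost: 'shop.example', iframeSrc: '/help.html' };
const topLevelOwnFrame = { isTop: true, topHost: 'shop.example', selfHost: 'shop.example', iframeSrc: '/help.html' };
const topLevelForeignFrame = { isTop: true, topHost: 'shop.example', selfHost: 'shop.example', iframeSrc: '//other.example/x' };
```

A frame-busting script is only a secondary control, because it runs inside the framed document and the framing page controls whether that script gets to execute; the headers are the primary defense.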